Features

Intel TDX (Trust Domain Extensions) confidential virtual machines (cVMs) are designed to offer several essential capabilities, which are outlined below:

Memory Confidentiality

Programs running on TDX-enabled systems execute in plaintext inside the processor. When data leaves the processor for main memory, TDX encrypts it with a unique CPU-held key, which keeps the program's memory confidential and safeguards it from unauthorized access. The encryption operates at cache-line granularity, so peripheral devices cannot read or tamper with the private memory of Trust Domains (TDs) without detection; any tampering is likewise detected by the processor when the data is loaded back from main memory.

CPU State Confidentiality

TDX protects a TD's CPU state from other software executing concurrently on the same system. It achieves this by managing the virtual CPU state of each TD during context switches between security domains. The TD's metadata, which contains its CPU state, is protected with the TD's key while in main memory. During context switches, TDX clears or isolates TD-specific state from internal processor registers and buffers, such as Translation Lookaside Buffer (TLB) entries and branch prediction buffers, so that no TD information is left behind for the next domain.

Execution Integrity

TDX safeguards the integrity of a TD's execution against host interference. It ensures that the TD resumes computation after an interrupt at the expected instruction and with the expected state. TDX can detect malicious changes to virtual CPU state and any unauthorized modification, injection, or removal of instructions in private memory. However, TDX provides no additional guarantee of control flow integrity. TD owners need to employ existing compilation-based or hardware-assisted control flow integrity enforcement techniques, such as Control Flow Enforcement Technology (CET).
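
Because TDX leaves control flow integrity to the TD owner, a practical check is whether the workload binary was actually built with CET. The following Go program is an added example, not code from Intel or from this page: it parses the `.note.gnu.property` section of an ELF64 object and reports whether the `GNU_PROPERTY_X86_FEATURE_1_AND` property carries the IBT and SHSTK markers that a CET-enabled toolchain emits. The note type, property type and feature bit values are the published x86-64 psABI values; `BuildPropertyNote` is a constructed helper so the parser can be exercised without a real binary.

```go
package main

import (
	"debug/elf"
	"encoding/binary"
	"errors"
	"fmt"
	"os"
)

// Values from the x86-64 psABI / GNU property note ABI.
const (
	ntGNUPropertyType0        = 5          // note type carrying GNU program properties
	gnuPropertyX86Feature1And = 0xc0000002 // property: ISA features every input object was built with
	featIBT                   = 0x1        // Indirect Branch Tracking marker
	featSHSTK                 = 0x2        // Shadow Stack marker
)

func align(n, a uint32) uint32 { return (n + a - 1) &^ (a - 1) }

// CETFeatures walks the raw bytes of a .note.gnu.property section (ELF64 layout:
// 4-byte note header fields, properties padded to 8 bytes) and reports whether
// GNU_PROPERTY_X86_FEATURE_1_AND marks the object as built with IBT and/or SHSTK.
// A missing property yields false for both; a malformed note yields an error.
func CETFeatures(note []byte) (ibt, shstk bool, err error) {
	le := binary.LittleEndian
	for len(note) >= 12 {
		namesz, descsz, typ := le.Uint32(note[0:4]), le.Uint32(note[4:8]), le.Uint32(note[8:12])
		descStart := 12 + int(align(namesz, 4))
		descEnd := descStart + int(descsz)
		if 12+int(namesz) > len(note) || descEnd > len(note) {
			return false, false, errors.New("truncated note")
		}
		if typ == ntGNUPropertyType0 && string(note[12:12+int(namesz)]) == "GNU\x00" {
			desc := note[descStart:descEnd]
			for len(desc) >= 8 {
				prType, prDatasz := le.Uint32(desc[0:4]), le.Uint32(desc[4:8])
				end := 8 + int(prDatasz)
				if end > len(desc) {
					return false, false, errors.New("truncated property")
				}
				if prType == gnuPropertyX86Feature1And && prDatasz >= 4 {
					bits := le.Uint32(desc[8:12])
					ibt, shstk = bits&featIBT != 0, bits&featSHSTK != 0
				}
				next := int(align(uint32(end), 8)) // properties are 8-byte aligned on ELF64
				if next > len(desc) {
					break
				}
				desc = desc[next:]
			}
		}
		next := descStart + int(align(descsz, 4))
		if next > len(note) {
			break
		}
		note = note[next:]
	}
	return ibt, shstk, nil
}

// CETFeaturesOfFile opens an ELF binary and checks its property note. A binary
// with no .note.gnu.property section cannot be CET-marked, so both are false.
func CETFeaturesOfFile(path string) (ibt, shstk bool, err error) {
	f, err := elf.Open(path)
	if err != nil {
		return false, false, err
	}
	defer f.Close()
	sec := f.Section(".note.gnu.property")
	if sec == nil {
		return false, false, nil
	}
	data, err := sec.Data()
	if err != nil {
		return false, false, err
	}
	return CETFeatures(data)
}

// BuildPropertyNote constructs a .note.gnu.property payload carrying the given
// feature bits (constructed test input, not read from any real binary).
func BuildPropertyNote(bits uint32) []byte {
	le := binary.LittleEndian
	desc := make([]byte, 16) // property header (8) + 4 data bytes + 4 bytes of padding
	le.PutUint32(desc[0:4], gnuPropertyX86Feature1And)
	le.PutUint32(desc[4:8], 4)
	le.PutUint32(desc[8:12], bits)
	note := make([]byte, 12, 12+4+len(desc))
	le.PutUint32(note[0:4], 4) // namesz covers "GNU\0"
	le.PutUint32(note[4:8], uint32(len(desc)))
	le.PutUint32(note[8:12], ntGNUPropertyType0)
	note = append(note, 'G', 'N', 'U', 0)
	return append(note, desc...)
}

func main() {
	if len(os.Args) > 1 { // usage: go run . /path/to/td-workload
		ibt, shstk, err := CETFeaturesOfFile(os.Args[1])
		fmt.Printf("%s: IBT=%v SHSTK=%v err=%v\n", os.Args[1], ibt, shstk, err)
		return
	}
	ibt, shstk, _ := CETFeatures(BuildPropertyNote(featIBT | featSHSTK))
	fmt.Printf("constructed note: IBT=%v SHSTK=%v\n", ibt, shstk)
}
```

The markers only show that every object linked into the binary was compiled with CET support; they say nothing about whether the TD's guest kernel actually enables IBT and shadow stacks at run time, so this check belongs alongside, not instead of, a run-time configuration check inside the TD.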

Nested Virtualization

As of TDX 1.0, nested virtualization is not supported: a TD cannot run VMs of its own. Attempting to execute VMX instructions inside a TD raises an Undefined Instruction (#UD) exception. However, the TD partitioning architecture specification draft indicates that nested virtualization will be supported in TDX 1.5 in the future.

I/O Protection

Peripheral devices and accelerators lie outside the trust boundary of a TD and must not have access to its private memory. For virtualized I/O, a TD can opt to explicitly share memory for data transfer. However, TDX provides no confidentiality or integrity protection for data in shared memory regions: the host and any device can read and rewrite them. TD owners therefore need to implement appropriate mechanisms, such as secure communication channels like Transport Layer Security (TLS), to protect data that leaves the TD's trust boundary. TDX 2.0 will, in the future, include trusted I/O virtualization to address these concerns.
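
The following Go program is an added example, not code from Intel or from this page, of what protecting data across that boundary means in practice. It models a shared I/O region as a plain byte buffer the host can read and rewrite, and seals every record with AES-256-GCM before it leaves TD private memory, so the shared region carries only ciphertext and an authentication tag; a receiver holding the same key then detects any modification made while the record sat in shared memory. The session key, the associated data string and the `SharedBuffer` type are constructed stand-ins; in a deployment the key would come from a TLS handshake or from key provisioning after attestation, and TLS itself provides the same two properties (confidentiality and integrity) on top of a key exchange.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// SharedBuffer models a TD memory region explicitly shared with the host for
// virtualized I/O. TDX gives such a region no confidentiality or integrity
// protection, so the host and any device can read and rewrite it at will.
type SharedBuffer struct {
	Data []byte
}

// newAEAD builds an AES-256-GCM cipher from a key that stays in TD private
// memory. The key here is a constructed stand-in for a negotiated session key.
func newAEAD(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// PublishToShared seals plaintext (confidentiality plus an authentication tag)
// before it crosses the TD trust boundary. Layout in shared memory:
// nonce || ciphertext || GCM tag. aad binds unencrypted context such as a
// channel id or sequence number so the tag covers it too.
func PublishToShared(aead cipher.AEAD, plaintext, aad []byte, shared *SharedBuffer) error {
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return err
	}
	// Seal appends ciphertext+tag to the nonce, so the whole record is one slice.
	shared.Data = aead.Seal(nonce, nonce, plaintext, aad)
	return nil
}

// ReadFromShared authenticates and decrypts a record found in shared memory.
// Any modification by the host or a device makes aead.Open fail.
func ReadFromShared(aead cipher.AEAD, aad []byte, shared *SharedBuffer) ([]byte, error) {
	ns := aead.NonceSize()
	if len(shared.Data) < ns+aead.Overhead() {
		return nil, errors.New("shared buffer too short to hold a sealed record")
	}
	nonce, sealed := shared.Data[:ns], shared.Data[ns:]
	return aead.Open(nil, nonce, sealed, aad)
}

// SharedExposes reports whether the plaintext is visible verbatim to anyone
// reading the shared region; with a correctly sealed record it must be false.
func SharedExposes(shared *SharedBuffer, plaintext []byte) bool {
	return len(plaintext) > 0 && bytes.Contains(shared.Data, plaintext)
}

// RoundTrip sends plaintext through a shared buffer between two parties that
// hold the same session key. When tamper is true, one bit of the record is
// flipped while it sits in shared memory, modelling an untrusted host or
// device rewriting the region; the receiver must then reject the record.
func RoundTrip(plaintext []byte, tamper bool) ([]byte, error) {
	key := make([]byte, 32) // constructed session key; never placed in shared memory
	if _, err := rand.Read(key); err != nil {
		return nil, err
	}
	aead, err := newAEAD(key)
	if err != nil {
		return nil, err
	}
	aad := []byte("virtio-channel-0/seq-1") // constructed associated data
	var shared SharedBuffer
	if err := PublishToShared(aead, plaintext, aad, &shared); err != nil {
		return nil, err
	}
	if SharedExposes(&shared, plaintext) {
		return nil, errors.New("plaintext leaked into shared memory")
	}
	if tamper {
		shared.Data[len(shared.Data)-1] ^= 0x01 // flips one bit inside the GCM tag
	}
	return ReadFromShared(aead, aad, &shared)
}

func main() {
	msg := []byte("TD-private record for a virtual device")
	out, err := RoundTrip(msg, false)
	fmt.Printf("untampered: %q, err=%v\n", out, err)
	out, err = RoundTrip(msg, true)
	fmt.Printf("tampered:   %q, err=%v\n", out, err)
}
```

Two design points carry over to a real channel: the nonce travels with the record and must never repeat under one key (a random 96-bit nonce is acceptable for modest record counts; a counter is safer for high volume), and a sequence number in the associated data is what turns "this record is authentic" into "this record is the one I expected next", which is how replay of an old, valid record from the shared region is caught.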

The principles of attestation, key provisioning, and migration are derived from these fundamental properties of Intel TDX cVMs.
